Reputation: 21
I'm trying to do API auth by checking a token generated from the logged-in user's username with the md5 encryption method on the fly in Laravel 5.5, and I don't want to save the token into the users table. When the user logs out, the token will be invalid. The URL will be like this:
How can I do this?
Added - It is a test project from the 44th WorldSkills Competition, and the following is from the test project document:
a. Login (v1/auth/login)
Description: For client to get login token via username and password
Request method: POST
Header: header authorization basic
Requested parameter:
o Username
o password
Response result:
o header: response status: 200
o body:
token: authorization token (to be valid until logout). Token will be generated by the system from logged in username with md5 encryption method
Role (ADMIN / USER)
o header: response status: 401
o body: message: invalid login
b. Logout (v1/auth/logout?token={AUTHORIZATION_TOKEN})
Description: For server to invalid the user’s token
Request method: GET
Header: header authorization basic
Response result:
o header: response status: 200
o body:
message: logout success
data:
o Message: Unauthorized user
o Response status: 401
a. All Places (v1/place?token={AUTHORIZATION_TOKEN})
Description: For client to list all places in the database (include user’s search history indexed based on the frequency)
Request method: GET
Header: header authorization basic
Response result:
body:
o All data on array; consists of id, name, latitude, longitude, x, y, image_path, description.
o Response status: 200
data:
o Message: Unauthorized user
o Response status: 401
...
Upvotes: 1
Views: 2605
Reputation:
You can create a token API and give it a cron job or sessions, and besides that you can do the reset without saving it to the database, just like JWT, but you work on it and do it by hand.
Upvotes: 0
Reputation:
You can create your own middleware and, inside that middleware, specify the role for the user and use your own token creation, or you can use JWT with it; JWT is better for not saving the token in the database.
Upvotes: 1
Reputation: 21
The project is just for competition -- I solved the problem as follows:
The user logs in by sending the username & password to the server;
On success, the server saves the md5 code of the username to the session and returns the code to the client;
The client saves the md5 code into local storage as the token; it will be sent to the server with subsequent requests;
The server verifies the token to decide whether the client can access its resources.
That's it! Just for competition, not for production.
Upvotes: 0
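The four-step flow in the self-answer above, as an added example in plain PHP (not code from the post, and not Laravel's session API): an in-memory array stands in for the server-side session, and `TokenStore` and `check()` are hypothetical names. It runs the md5-of-username token the test document asks for next to a random token, to show that with md5 the token value itself holds no secret and only the server-side entry makes it valid.

```php
<?php
// Added example, plain PHP (7.4+), no framework. TokenStore and check() are
// hypothetical names; the array stands in for the server-side session.
final class TokenStore
{
    private array $active = [];   // token => username, logged-in users only
    private bool $random;

    public function __construct(bool $random) { $this->random = $random; }

    public function login(string $username): string
    {
        // Spec variant: md5(username) is identical on every login and can be
        // computed from the username alone, so it carries no secret.
        // Comparison variant: 256 bits from the CSPRNG, new on every login.
        $token = $this->random ? bin2hex(random_bytes(32)) : md5($username);
        $this->active[$token] = $username;
        return $token;
    }

    public function userFor(string $token): ?string
    {
        return $this->active[$token] ?? null;   // null means respond 401
    }

    public function logout(string $token): bool
    {
        $known = isset($this->active[$token]);
        unset($this->active[$token]);
        return $known;                          // false means respond 401
    }
}

function check(bool $ok, string $what): void
{
    if (!$ok) { throw new RuntimeException("failed: $what"); }
    echo "ok: $what\n";
}

foreach ([false, true] as $random) {
    $store = new TokenStore($random);
    $first = $store->login('alice');            // constructed sample user
    check($store->userFor($first) === 'alice', 'token accepted while logged in');
    check($store->logout($first), 'logout succeeds once');
    check($store->userFor($first) === null, 'token rejected after logout');
    $second = $store->login('alice');
    // md5 variant: the old token value becomes valid again on re-login.
    check(($second === $first) === !$random, 'token reused only in md5 variant');
}
```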